CISA has issued a warning about a newly-disclosed Linux kernel vulnerability, CVE-2026-31431, dubbed 'CopyFail', which is already being exploited. The flaw allows low-level users to gain full root privileges by modifying read-only data. Major Linux distributions have released patches, but the exploit works across multiple versions, including Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16. CISA has mandated Federal agencies to patch by May 15, as threat actors are expected to increase exploitation attempts.
CISA is warning that a newly-disclosed Linux kernel bug dubbed"CopyFail" is already being exploited, just days after researchers dropped a working root-level exploit. Tracked as CVE-2026-31431 , the bug sits in the Linux kernel and gives low-level users a way to take full control of a system by modifying data they should only be able to read, effectively turning limited access into full root privileges on unpatched machines.
, which said the flaw was discovered by its AI-powered penetration testing platform, Xint, and reported to the Linux kernel security team on March 23. Major Linux distributions pushed out patches ahead of public disclosure, which Theori published alongside a proof-of-concept exploit. The Python-based code works against Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16, but the researchers warned that every mainstream Linux kernel built since 2017 is in scope of potential exploitation.
"Same script, four distributions, four root shells — in one take. The same exploit binary works unmodified on every Linux distribution," Theori says. That level of reliability has not gone unnoticed. The CISA, the US government's cybersecurity agency, has added the bug to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to patch within two weeks, setting a May 15 deadline..
"Given the availability of a fully working exploit proof-of-concept and the race to patch systems, Microsoft Defender is seeing preliminary testing activity that might result most likely in increased threat actor exploitation over the next few days," the company warned. First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attackThe mechanics help explain the urgency.
The attack is local and requires little access, with no user interaction, so anyone who already has a foothold on a vulnerable box can try their luck. It is the kind of bug that turns a small break-in into full control pretty quickly. , opening a path to tamper with cached data in ways that were never meant to be user-controlled. With a reliable exploit now in the wild, that design quirk has effectively turned into a universal privilege-escalation trick.
®Viva la revolución: LinkedIn profile visitor lists belong to the people, says NoybForget"have you tried turning it off and on again?
" Agentic AI support systems now seek and destroy tech issues before they're a problem. ServiceNow clears agents for landing with new AI control towerReal estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
Linux Kernel Vulnerability CVE-2026-31431 Copyfail Exploit Root Privileges CISA Warning
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Toto Wolff warns against Kimi Antonelli hype after third consecutive win in MiamiToto Wolff has warned Mercedes not to get carried away with Kimi Antonelli’s early-season success after the teenager claimed his third consecutive win at the Miami GP
Read more »
Iran Warns US Against Intervention in Strait of Hormuz as Trump Announces 'Project Freedom'A top Iranian lawmaker has condemned former President Trump’s plan to escort foreign ships through the Strait of Hormuz as a violation of the ceasefire, while the US continues to review Iran’s proposal for ending the conflict. The situation remains tense with ongoing diplomatic efforts and a US naval blockade of Iranian ports.
Read more »
Five Eyes spook shops warn agentic is too wonky for rapid rollout: Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada
Read more »
Council warns action may follow derelict Corby pub fireA large fire at a pub that has been empty for 10 years is being treated as arson.
Read more »
Amazon warns customers before 'masterful' crime drama leaves in 4 daysThe Leonardo DiCaprio and Martin Scorsese movie is leaving Prime Video soon.
Read more »
Royal Mail warns all Scottish households there are 'no deliveries' in urgent updateHomes and businesses won't receive mail today
Read more »